SolarWinds monitoring and root history is a mess.
SolarWinds uses SSH and scripts to do it's monitoring checks. OK, fine. It has to run as root so that it can make these checks, well, thanks for not implementing SUDO by default. So what happens is the history for root is clobbered by all it's commands/processes for checks. Searching and trying things just doesn't get me the outcome that I (and others) really need, disable the monitoring system from writing history.
While it seemed easy (with issues) was to check and see if there is a connection from the server in .bash_profile (RHEL based).
chkSWOusr=$(w | grep orion)
if [ "$chkSWOusr" == 0 ]; then
shopt -u -o history
fi
Well, if someone needs root and there is a check, they get missed but better than nothing usable. It works when I use shopt on a login but it's not working when I use .bash_profile and tried /etc/profile.d/ script, to preserve /etc/profile from edits.
So I have to ask, there are far smarter and those that know Linux way more than I. Am I barking up the wrong tree? Do I need to disable root history period? Is there a more elegant way to disable root writing to history based on source?
Thanks much LQ community.
|